JP4679135B2 - Certification medium issuing system and certification medium issuing method - Google Patents

Description

  The present invention, for example, uses a person's biometric information (for example, a facial image) and personal information such as a driver's license for a car (hereinafter simply referred to as a license) and various certificates (including card type and booklet type). The present invention relates to a proof medium issuance system and a proof medium issuance method for issuing a proof medium by printing on the surface of a proof medium that has not been issued together. The present invention relates to a proof medium issuing system and a proof medium issuing method for issuing a proof medium by storing at least personal information in an IC chip using the IC card.

As this type of proof medium, an ID card used as a driver's license or various certificates is known. In such a certification medium issuing system for issuing an ID card with an IC chip, first, an applicant for ID card issuance applies for issuance of an ID card and other necessary information such as personal information on the application form. Fill out and apply to the publisher.
The issuer registers the applicant's personal information in the database based on the contents of the application form, prints the face image and personal information on the card surface with the card issuing device, and the individual on the IC chip in the card By writing the information, the ID card is issued and the issued ID card is delivered to the applicant.

  Normally, in the case of an ID card with an IC chip, personal information printed on the card surface is the minimum information for indicating the owner, such as the applicant's name and ID number. On the other hand, in addition to the information printed on the card surface, the owner's address, telephone number, date of birth, age, password, and other personal information important to function as an ID card are recorded on the IC chip in the card.

  Further, the IC chip is provided with a security function for preventing falsification in order to prevent unauthorized use due to rewriting or the like. For this reason, if an issue is made with incorrect issue information, the ID card must be discarded, and a new ID card must be prepared and issued again.

Further, when an IC chip issue error (IC chip write error) is generated and stopped, there is a possibility that the ID card is illegally used if the ID card is not discarded but otherwise leaked.
JP 2003-58832 A

  Normally, in this type of certification medium issuance system, the applicant who issued the ID card fills in the personal information on the application form, and the issuer manually registers the personal information from the completed application form. Issue a card. However, in the process up to the registration of personal information, there is a possibility that an error will be issued due to an entry error of the applicant or a registration error of the issuer.

  An ID card with an IC chip has high security, and it is effective to issue it in a form that does not permit rewriting as means for realizing security performance. For this reason, if the card is issued by mistake, it cannot be rewritten, and a new unissued ID card is prepared and issued again, resulting in unnecessary costs.

  If issued normally, an ID card with a highly secure IC chip can be created. However, if issuance fails due to a defective IC chip, etc., a defective card stopped in the middle of issuance appear.

  Furthermore, even if it is said that the IC chip is defective, there are various failure contents, such as a case where an operation failure occurs by chance or a case where only a part of functions is defective. In other words, even if the IC chip is defective, even if it is officially used, there may be a card that can use most of the functions. If this defective card leaks to others, there is a possibility that it will be illegally used.

  Therefore, the present invention makes security attribute information rewritable until the issuance applicant confirms the issuance contents even if the proof medium is mistakenly issued, and the issuance applicant confirms the issuance contents in the presence of the issuing party. By providing security attribute information such as falsification prevention for the first time after confirmation, it is possible to reduce the number of certification media to be discarded as much as possible, and to prevent wasteful costs from being generated and certification media issuing system An object is to provide a medium issuing method.

  Further, the present invention provides a proof medium capable of preventing unauthorized use by performing security attribute information change processing when a storage medium write error occurs and making it inaccessible even if operated thereafter It is an object to provide an issuing system and a certification medium issuing method.

  The proof medium issuing system of the present invention includes a biometric information acquiring means for acquiring a person's biometric information, a personal information acquiring means for acquiring personal information necessary for issuing the person's proof medium, and at least the personal information acquiring means. And writing means for writing security attribute information indicating personal information obtained by the above and access conditions for the personal information in a rewritable state to the storage medium of the unissued certification medium provided with the storage medium; Printing means for printing the biometric information acquired by the biometric information acquisition means and the personal information acquired by the personal information acquisition means corresponding to the biometric information on the surface of the unissued certification medium; After the writing process by the writing unit and the printing process by the printing unit are completed, the information written in the storage medium of the certification medium is read. Output means for outputting the certification medium issue applicant in a visible state, and security in the storage medium of the certification medium based on confirmation of the contents outputted by the output means by the issue applicant Security attribute information changing means for changing the attribute information to a non-rewritable state.

  Further, the proof medium issuing system of the present invention includes an image acquisition means for acquiring at least a face image of a person, a personal information acquisition means for acquiring personal information necessary for issuing the person's proof medium, and at least the personal information. Writing that writes personal information acquired by the acquisition means and security attribute information indicating access conditions for the personal information to the storage medium in an unissued proof medium provided with the storage medium in a rewritable state Printing means for printing the face image acquired by the image acquisition means and the personal information acquired by the personal information acquisition means corresponding to the face image on the surface of the unissued certification medium; After the writing process by the writing unit and the printing process by the printing unit are completed, the information written in the storage medium of the certification medium is read. Output means for outputting the proof medium issuer in a state that is visible to the applicant, and security in the storage medium of the proof medium based on confirmation of the contents output by the output means by the issuer Security attribute information changing means for changing the attribute information to a non-rewritable state.

  The proof medium issuing method of the present invention includes a biometric information acquisition step for acquiring a person's biometric information, a personal information acquisition step for acquiring personal information necessary for issuing the person's proof medium, and at least the personal information. Writing in which the personal information acquired in the acquisition step and the security attribute information indicating the access conditions for the personal information are written to the storage medium of the unissued proof medium provided with the storage medium in a rewritable state A printing step for printing the biometric information acquired by the biometric information acquisition step and the personal information acquired by the personal information acquisition step corresponding to the biometric information on the surface of the unissued certification medium; After the writing process by the writing step and the printing process by the printing step are finished, the proof medium The output step of reading the information written in the storage medium and outputting it in a state that is visible to the applicant for issuing the certification medium, and the issue applicant confirmed the content output by this output step. And a security attribute information changing step for changing the security attribute information in the storage medium of the certification medium to a non-rewritable state.

  Furthermore, the proof medium issuing method of the present invention includes an image acquisition step for acquiring at least a face image of a person, a personal information acquisition step for acquiring personal information necessary for issuing the person's proof medium, and at least the personal information. Writing in which the personal information acquired in the acquisition step and the security attribute information indicating the access conditions for the personal information are written to the storage medium of the unissued proof medium provided with the storage medium in a rewritable state A printing step of printing the face image acquired by the image acquisition step and the personal information acquired by the personal information acquisition step corresponding to the face image on the surface of the unissued certification medium; After the writing process by the writing step and the printing process by the printing step are completed, the proof medium An output step for reading the information written in the storage medium and outputting it in a state that is visible to the applicant for issuing the certification medium, and the issue applicant has confirmed the contents output by this output step. And a security attribute information changing step for changing the security attribute information in the storage medium of the certification medium to a non-rewritable state.

  According to the present invention, even if the certification medium is issued by mistake, the security attribute information is rewritable until the issuer confirms the issue content, and the issuer applies the issue content in the presence of the issuer. By providing security attribute information such as falsification prevention for the first time after confirmation, it is possible to reduce the number of certification media to be discarded as much as possible, and to prevent wasteful costs from being generated and certification media issuing system A medium issuing method can be provided.

  In addition, according to the present invention, when a write error to the storage medium occurs, the security attribute information is changed, and even if it is operated thereafter, the proof that the unauthorized use can be prevented by making it inaccessible Media issuing system and certification medium issuing method can be provided.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
In the following description, a case where a face image is used as the biometric information of a person will be described as an example. In addition to the face image, other biometric information such as a fingerprint image, an iris information, a palm-shaped image, a finger image, and vein information is used. The same can be implemented using

FIG. 1 schematically shows a configuration of a certification medium issuing system for issuing an ID card, for example, according to an embodiment of the present invention. In FIG. 1, this certification medium issuance system is connected to a host computer 101 composed of a general-purpose computer for overall control, and at least a card issuance applicant (hereinafter simply referred to as an applicant). The database 103 that stores personal information including various information described in the ID card 102 in correspondence with the personal number (ID number) as unique identification information possessed by the applicant 102, and at least the face of the applicant 102 An image acquisition unit (biological information acquisition unit) that captures an image including the image (hereinafter referred to as a face image), and a command from the image capture unit 104, the face image of the applicant 102, personal number, name, age, Printing means for creating an ID card 105 by printing personal information such as an address on an unissued ID card; The printing device 106, a filing device 107 for filing personal information such as a face image, personal number, name, age, address, etc., and a card issuing application form (hereinafter simply referred to as the personal information entered by the applicant 102). A registration terminal device 109 for registering the information of the application 108 in the database 103, a confirmation terminal device 110 as an output means for confirming the contents of the issued ID card 105, the host computer 101, and the photographing device 104. , A printing apparatus 106, a filing apparatus 107, a registration terminal apparatus 109, and a confirmation terminal apparatus 110.
The printing device 106 includes an IC writing device 112 as writing means for writing a face image, personal information, and the like on the IC chip 113 of the ID card 105.

  The ID card 105 as a proof medium uses, for example, an IC card, and incorporates an IC chip 113 including a memory formed as an IC as a storage medium. On the surface of the ID card 105, a face image 114 of the applicant 102, personal information 115 such as a personal number, name, age, and address are printed.

  The IC card used as the ID card 105 is a contact type IC card that communicates with the IC writing device 112 via a contact portion, or a non-contact type that communicates wirelessly with the IC writing device 112. Any type of IC card may be used.

FIG. 2 schematically shows the configuration of the printing apparatus 106 that performs surface printing on the ID card 105 and writing processing (issuance processing) on the IC chip 113.
The printing device 106 loads data into the IC chip 113 of the ID card 105, the hopper unit 201 for loading the ID card 105 with the IC chip that has not been issued, the take-out device 202 for taking out the ID card 105 from the hopper unit 201 one by one. Or an IC card reader / writer unit 203 for performing reading processing (corresponding to the IC writing device 112 in FIG. 1), an image printing unit 204 for printing a face image on the surface of the ID card 105, and character information on the surface of the ID card 105 The character printing unit 205 that prints (personal information), the protective material application unit 206 that applies a protective material to the surface of the ID card 105 that prints face images and character information, and the protective material applied by the protective material application unit 206 is cured. A curing unit 207 for discharging, and a discharging unit 208 for discharging and accumulating the ID card 105 for which printing processing (issuance processing) has been completed搬走 path 209, 210 for transporting the ID card 105 taken out by the out apparatus 202 to each unit, and is constituted by the transport switching unit 211, 212 to switch the transport destination.

In such a configuration, the ID card 105 with an IC chip that has not been issued is taken out from the hopper unit 301, issuance processing is performed, and there are two flows to be discharged to the discharge unit 208. One of them is the hopper unit 201 → the ejecting device 202 → the IC card reader / writer unit 203 → the conveyance switching unit 211 → the face image printing unit 204 → the character printing unit 205 → the conveyance switching unit 212 → the protective material application unit 206 → the curing unit 207. The case of flowing to the discharge unit 208 and the other case of flowing to the hopper unit 201 → the unloading device 202 → the IC card reader / writer unit 203 → the conveyance switching unit 211 → the discharge unit 208. These two types of flows are realized by bypassing the conveyance switching unit 211.
With such a configuration, the issue process is usually performed according to the former flow. For the ID card 105 that has issued the data of the IC chip 113 by mistake, only the IC chip 113 is rewritten according to the latter flow. Can be performed.

FIG. 3 schematically shows the configuration of the confirmation terminal device 110 that reads and confirms the content written in the IC chip 113 of the issued ID card 105.
The confirmation terminal device 110 includes a personal computer (hereinafter simply referred to as a personal computer) 301 serving as a console and an IC card reader / writer 302. The personal computer 301 includes a display unit 303 that displays and outputs information in the IC chip 113 of the ID card 105, operation guidance, and the like, a keyboard 304 as an external input device operated by the operator, and a mouse 305.

  As described above, the ID card 105 is printed with the face image 114 of the owner and personal information 115 such as the owner's name, address, and personal number as surface printing. Further, the ID card 105 has an IC chip. 113 is embedded, and the same information as the surface printing and other information are written in the IC chip 113 in order to prove that the surface printing is not performed improperly.

  In such a configuration, by loading the ID card 105 into the IC card reader / writer 302, information is read from or written into the IC chip 113 of the ID card 105 from the IC card reader / writer 302 by a predetermined operation of the personal computer 301. Be able to.

  FIG. 4 shows a specific example of the data structure stored in the IC chip 113 of the ID card 105 and the security attribute information for each data when the ID card 105 is output from the printing apparatus 106.

In FIG. 4, the file number 0 is the date of issue of the ID card 105 (YYYYMMDD), the file number 1 is the name (ABCD) of the applicant 102 who is the owner of the ID card 105, and the file number 2 is the applicant. 102, the file number 3 is the address of the applicant 102 (EFGH), the file number 4 is the telephone number of the applicant 102 (91011112131), and the file number 5 is the date of birth of the applicant 102 (YYYYMMDD) , File number 6 and other personal information, and file numbers 7 to 10 when personal information changes as a file to which additional changes are made when the owner is married or transferred after card issuance 1 to 4 are stored.
In the file number 11, data generated by a hash function based on data of all other files or a part of the file is encrypted with a digital key data encrypted by a public key method and encrypted with a secret key of the issuer Data is stored. The file number 12 stores a password for reading each file, which is applied by the applicant 102. File number 13 stores the write password for each file, which is also applied by applicant 102.

There are two types of these files depending on the file type. One is a WEF such as a file number 0 to 11, which is a file that can directly access data from these normal applications. The other is an IEF such as file numbers 12 and 13, which is a file for verifying passwords and other various authentications. Internal data cannot be directly accessed from an application. In the present embodiment, by performing password verification on the IEF, the WEF can access each security attribute information.
There are three types of security attribute information: [Read] indicating a data readable condition, [Write] indicating an initial writable condition, and [UpDate] indicating a rewritable condition.

  For example, when reading the data of the name file with the file number 1, first the password is verified against the password file for reading with the file number 12, and then the file number 1 is accessed to read the data. Also, here, if access is made with an incorrect password and the access continues for a specified number of times, the corresponding IEF is blocked and all related WEFs are inaccessible.

  FIG. 5 shows a specific example of the data structure stored in the IC chip 113 of the ID card 105 and the security attribute information for each data when the ID card 105 is output from the verification terminal device 110.

The difference from FIG. 4 is the security attribute information of each file. That is, at the time of output from the printing apparatus 106, all data can be updated (UpDate), and even if there is a mistake in filling in the application form 108 of the applicant 102 or a registration mistake in the issuer, the correction is correct. There is room. On the other hand, in FIG. 5, all the files whose security attribute information can be corrected are updated (UpDate) by confirming the issued data again in the confirmation terminal device 110 and performing the process of phase transition to be described separately. ) Impossible and cannot be corrected.
That is, after the state shown in FIG. 5 is reached, unauthorized access such as tampering cannot be performed on the data in the IC chip 113, and strong security can be achieved. In addition, when the IEF is blocked in this state, all accesses to all WEFs are impossible.

FIG. 6 schematically shows a flow from the card issue application by the applicant 102 to the issue completion in the certification medium issuing system.
First, the applicant 102 enters personal information necessary for issuance in the application form 108 and submits it to the issuer for the issuance application of the ID card with IC. In response to this, the issuer registers personal information of the submitted application form 108 in the database 103 by using the registration terminal device 109.

  Next, the applicant 102 shoots a face image with the photographic device 104. The photographing apparatus 104 generates issuance data based on the photographed face image and personal information acquired from the database 103, and sends it to the printing apparatus 106. The printing apparatus 106 performs surface printing of the ID card 105 and issue processing (data writing processing) of the IC chip 113 based on the received issue data.

  Next, the applicant 102 confirms the contents written in the IC chip 113 of the issued ID card 105 by the confirmation terminal device 110 in the presence of the issuer, and confirms the security attribute information of the issued file. Make changes and complete publication.

FIG. 7 shows a flow of processing from the photographing of the face image of the applicant 102 by the photographing device 104 to the issue request to the printing device 106, which will be described below.
First, the operator inputs the ID number of the applicant 102 using the photographing apparatus 104 (step S101). Next, the photographing apparatus 104 acquires the personal information of the applicant 102 from the database 103 via the host computer 101 on the network 111 using the input ID number as a key (step S102). Here, the processing in step S102 corresponds to the personal information acquisition means in the present invention.

  Next, the operator operates the photographing apparatus 104 to perform a photographing instruction (Step S103). Then, the imaging device 104 captures the face image of the applicant 102 (step S104). Here, the processing in step S104 corresponds to the image acquisition means (biological information acquisition means) in the present invention.

  Next, the photographing apparatus 104 generates issuance data based on the photographed face image and the personal information of the applicant 102 acquired from the database 103 (step S105). Next, the imaging device 104 sends an issue request message with the generated issue data to the printing device 106.

FIG. 8 shows the flow of processing from receipt of the issuance request message to completion of issuance in the printing apparatus 106, which will be described below.
When the printing apparatus 106 receives the issuance request message from the photographing apparatus 104 (step S201), the printing apparatus 106 performs the issuance process of the ID card with IC chip 105 (step S202). When the printing apparatus 106 is finished, the printing apparatus 106 sends a completion message to the photographing apparatus 104 (step S203). ), The process is terminated.

  FIG. 9 shows in detail the flow of the issuing process (step S202 in FIG. 8) in the printing apparatus 106, which will be described below. In this issuance process, by switching the conveyance switching unit 211 based on the contents of the IC chip 113 of the ID card 105, the issuance process (writing process) for only the IC chip 113 and the entire issuance process including the card surface printing are performed. It shows that it corresponds to the issuing method of seeds.

  First, in S701, the unissued ID card 105 loaded in the hopper unit 201 is taken out by the take-out device 202 and conveyed to the IC card reader / writer unit 203 (step S301). Next, the IC card reader / writer unit 203 confirms the data in the IC chip 113 of the IC card 105 (step S302). The switching unit 211 is switched to the lower side (b side in FIG. 2) (step S303). If the IC chip is not issued, the conveyance switching unit 211 is switched to the upper side (a side in FIG. 2) (step S304).

  That is, in this process, it is determined whether or not only the IC chip 113 is issued (data writing). If the IC chip 113 has been issued, it means that the IC chip 113 is reissued due to incomplete issue contents to the IC chip 113. Since surface printing has already been completed, it is not necessary to perform surface printing. If the IC chip 113 has not been issued, it is a new issue, so it is necessary to issue the IC chip and perform surface printing.

  If the IC chip 113 has been issued, the IC chip 113 is issued in steps S305 and S306, and then the issued ID card 105 is discharged to the discharge unit 208 in step S307.

  If the IC chip 113 has not been issued, the IC chip 113 is issued in steps S308 and S309, the face image is printed in step S310, and then the character information is printed in step S311. Thereafter, the protective material is applied in step S312, and then the protective material is cured in step S313. Thereafter, the issued ID card 105 is discharged to the discharge unit 208 in step S314.

  FIG. 10 shows in detail the flow of the IC chip issuance process in steps S306 and 309 in FIG. 9, which will be described below. In this IC chip issuance process, writing of issuance data to the IC chip 113, and if the writing fails, various passwords (PIN) and security attribute information are changed so that the ID card 105 is not used illegally. Is shown.

  First, each file for writing issuance data is generated for the IC chip 113, and for example, security attribute information shown in FIG. 4 is set for each generated file (step S401). Next, a read password is set in the file number 12 and a write password is set in the file number 13 (step S402).

  Next, each issue data is written to the files 1 to 10 (step S403). Next, the file 12 is collated with a read password so that the files 1 to 10 can be read (step S404). Next, the data of the files 1 to 10 are read (step S405).

  Next, each read file data is checked to confirm that the data has been correctly written (step S406). If the data has been correctly written, the processing ends. If the data is not correctly written, the security attribute information is changed (step S407), the files 12 and 13 are blocked (step S408), and then error processing is performed (step S409). finish.

  By this process, no access can be made to the error card. That is, if the data is not correctly written in step S406, it is highly likely that the IC chip 113 is defective or unstable, and it is necessary to perform appropriate disposal at the responsibility of the issuer. If the error card leaks out by mistake, it may be illegally issued and used, such as forgery. For this reason, the security attribute information and the password file are blocked so that no access is possible.

  FIG. 11 shows the flow of processing in the confirmation terminal device 110 in detail, which will be described below. In this process, the applicant 102 finally confirms whether or not the issued content is correct for the ID card 105 that has been issued by the printing apparatus 106. If the issued content is correct, the security attribute information is changed and rewritten. It indicates that it is impossible.

  First, a display prompting the user to input a password (PIN) is displayed on the operation screen of the display unit 303 (step S501). Here, the applicant 102 sets the issued ID card 105 on the IC card reader / writer 302, and inputs the reading password requested by the applicant 102 from the keyboard 304 (step S502).

  Next, the reading password is read by the IC card reader / writer 302 from the IC chip 113 of the set ID card 105, and collated with the reading password input by the applicant 102 (step S503). If the passwords do not match as a result of the verification, personal information correction processing is performed (step S504).

  If the two passwords match as a result of the collation in step S503, the personal information of the applicant 102 in the IC chip 113 is read and displayed on the operation screen of the display unit 303 (step S505). Here, the applicant 102 determines whether or not the displayed personal information is correct (step S506). If the personal information is not correct, the applicant 102 performs personal information correction processing (step S504).

  If the result of determination in step S506 is that the personal information is correct, a confirmation button is pressed from the keyboard 304 (step S507). Then, a write password (PIN) input screen is displayed on the operation screen of the display unit 303 (step S508). Here, the applicant 102 inputs a writing password from the keyboard 304 (step S509).

  Next, the writing password is read by the IC card reader / writer 302 from the IC chip 113 of the set ID card 105 and collated with the writing password input by the applicant 102 (step S510). If the passwords do not match as a result of the verification, personal information correction processing is performed (step S504).

  If the two passwords match as a result of the collation in step S510, the security attribute information of each file is changed (step S511). The change contents of the security attribute information are changed from the state of FIG. 4 to the state of FIG.

  FIG. 12 shows a first example of the flow of personal information correction processing in step S504 of FIG. 11, which will be described below. In the first example of the personal information correction process, when the issued content of the issued ID card with IC chip 105 is not correct, the personal information is re-registered in the database 103 by the confirmation terminal device 110, and the confirmation terminal device The IC chip 113 is reissued by 110.

  That is, first, the issued ID card 105 is attached to the IC card reader / writer 302 of the confirmation terminal device 110, and the content of the IC chip 113 is read and displayed on the display unit 303, whereby the display content (personal information) is displayed. Correction is made by the keyboard 304 (step S601).

  Next, by performing a predetermined operation on the keyboard 304, the corrected personal information is rewritten to the IC chip 113 of the ID card 105 mounted on the IC card reader / writer 302 (step S602). Next, the corrected personal information is re-registered in the database 103 by performing a predetermined operation on the keyboard 304 (step S603).

  FIG. 13 shows a second example of the flow of personal information correction processing in step S504 of FIG. 11, which will be described below. In the second example of the personal information correction process, when the issued content of the issued ID card with IC chip 105 is not correct, the personal information is re-registered in the database 103 by the confirmation terminal device 110 and the printing device 106 The IC chip 113 is reissued.

  That is, first, the issued ID card 105 is attached to the IC card reader / writer 302 of the confirmation terminal device 110, and the content of the IC chip 113 is read and displayed on the display unit 303, whereby the display content (personal information) is displayed. Correction is made by the keyboard 304 (step S701). Next, the corrected personal information is re-registered in the database 103 by performing a predetermined operation on the keyboard 304 (step S702).

  Next, the ID card 105 mounted on the IC card reader / writer 302 is loaded into the hopper unit 201 of the printing apparatus 106 (step S703). Next, by issuing an issue request operation (step S704), the personal information (modified personal information) of the applicant 102 is acquired from the database 103, and issue data is generated (step S705). Next, by issuing an issue request message (step S706), only reissue (rewrite) to the IC chip 113 is performed.

  As described above, according to the above embodiment, the contents of the IC chip 113 can be rewritten at the time of output from the printing apparatus 106, and finally the applicant 102 and the person in charge of registration are reconfirmed. Thus, a setting is made such that the contents of the IC chip 113 cannot be rewritten. Thereby, when the above-mentioned issue mistake etc. occur, rewriting of IC chip 113 can be performed and it can prevent generating useless expense.

  In addition, by providing a bypass (a transfer switching unit 211 provided downstream of the IC card reader / writer unit 203) that discharges after the IC chip issuance, an issue mode in which only the IC chip 113 is issued, an issue of the IC chip 113, and a card surface It is possible to deal with two types of issuance forms that perform both printing.

  Furthermore, according to the above-described embodiment, when it is determined that the IC chip 113 is not issued, the password (PIN) and other security attribute information are changed, and even if it is operated thereafter, access as an ID card is not permitted. By making it possible, even if the defective ID card is leaked elsewhere, it is possible to eliminate the possibility of being issued and used illegally.

  In the above embodiment, the case where only the personal information is stored in the IC chip has been described. However, the face image may be stored together with the personal information in the IC chip.

  Moreover, although it described as correspondence when there is a mistake in the issue of the IC chip 113, there is no individual information such as personal information on the card surface, that is, there is no need for surface printing. It can also be used in combination with issuing.

  Furthermore, although the case where the certification medium to be issued is a card type (ID card) has been described, the present invention can be similarly applied to the issuance of a booklet type certification medium.

1 is a block diagram schematically showing a configuration of a certification medium issuing system according to an embodiment of the present invention. The schematic diagram which shows schematically the structure of the printing apparatus which performs the surface printing to ID card, and the writing process to IC chip. The schematic diagram which shows schematically the structure of the confirmation terminal device which reads and confirms the content written in the IC chip of the issued ID card. The figure which shows the data structure preserve | saved in the IC chip of an ID card, and the specific example of the security attribute information with respect to each data at the time of outputting an ID card from a printing apparatus. The figure which shows the data structure preserve | saved in the IC chip of an ID card, and the specific example of the security attribute information with respect to each data at the time of ID card output from a confirmation terminal device. The flowchart which shows roughly the flow from the card issue application by an applicant to completion of issue. 6 is a flowchart showing a flow of processing from photographing an applicant's face image by the photographing device to issuing a request for issuing to the printing device. 6 is a flowchart showing a flow of processing from reception of an issue request message to completion of issue in the printing apparatus. 6 is a flowchart showing in detail a flow of issue processing in the printing apparatus. 10 is a flowchart showing in detail a flow of IC chip issue processing in FIG. 9. The flowchart which shows the flow of a process in a confirmation terminal device in detail. The flowchart which shows the 1st example of the flow of the personal information correction process in FIG. The flowchart which shows the 2nd example of the flow of the personal information correction process in FIG.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 101 ... Host computer, 102 ... Card issue applicant, 103 ... Database, 104 ... Imaging device (image acquisition means, biometric information acquisition means), 105 ... ID card (medium for certification), 106 ... Printing device (printing means), DESCRIPTION OF SYMBOLS 107 ... Filing apparatus, 108 ... Card issue application, 109 ... Registration terminal apparatus, 110 ... Confirmation terminal apparatus (output means), 111 ... Network, 112 ... IC writing apparatus (writing means), 113 ... IC chip (memory | storage) Medium), 115... Personal information, 203... IC card reader / writer unit (writing means).

Claims (7)

Biometric information acquisition means for acquiring biometric information of a person;
Personal information acquisition means for acquiring personal information necessary for issuing the proof medium for the person;
Security attribute information indicating at least personal information acquired by the personal information acquisition means and access conditions for the personal information is rewritable to the storage medium of the unissued certification medium provided with the storage medium. Writing means for writing;
Printing means for printing the biometric information acquired by the biometric information acquisition means and the personal information acquired by the personal information acquisition means corresponding to the biometric information on the surface of the unissued certification medium;
After the writing process by the writing unit and the printing process by the printing unit have been completed, the information written in the storage medium of the certification medium is read and visible to the applicant for issuing the certification medium Output means for outputting at
Security attribute information changing means for changing the security attribute information in the storage medium of the certification medium to a non-rewritable state based on the confirmation of the content output by the output means by the issuer,
A proof medium issuing system comprising: Image acquisition means for acquiring at least a face image of a person;
Personal information acquisition means for acquiring personal information necessary for issuing the proof medium for the person;
Security attribute information indicating at least personal information acquired by the personal information acquisition means and access conditions for the personal information is rewritable to the storage medium of the unissued certification medium provided with the storage medium. Writing means for writing;
Printing means for printing the face image acquired by the image acquisition means and the personal information acquired by the personal information acquisition means corresponding to the face image on the surface of the unissued certification medium;
After the writing process by the writing unit and the printing process by the printing unit have been completed, the information written in the storage medium of the certification medium is read and visible to the applicant for issuing the certification medium Output means for outputting at
Security attribute information changing means for changing the security attribute information in the storage medium of the certification medium to a non-rewritable state based on the confirmation of the content output by the output means by the issuer,
A proof medium issuing system comprising: Write information check means for checking whether or not the information written in the storage medium of the certification medium by the writing means is correctly written;
If the information is not correctly written as a result of the check by the writing information checking means, the security attribute information in the storage medium of the certification medium is changed to set the access to the storage medium to an impossible state. A second security attribute information changing means;
The certification medium issuing system according to claim 1 or 2, further comprising:   3. The certification medium issuing system according to claim 1, wherein the certification medium is an IC card incorporating an IC chip as a storage medium. A biometric information acquisition step of acquiring biometric information of a person;
A personal information acquisition step for acquiring personal information necessary for issuing the proof medium for the person;
Security attribute information indicating at least the personal information acquired in the personal information acquisition step and access conditions for the personal information is rewritable to the storage medium of the unissued proof medium provided with the storage medium. A writing step to write;
A printing step of printing the biometric information acquired by the biometric information acquisition step and the personal information acquired by the personal information acquisition step corresponding to the biometric information on the surface of the unissued certification medium;
After the writing process by the writing step and the printing process by the printing step are finished, the information written in the storage medium of the certification medium is read and visible to the applicant for issuing the certification medium An output step to output with
A security attribute information change step for changing the security attribute information in the storage medium of the certification medium to a non-rewritable state based on the confirmation of the contents output by this output step,
A method of issuing a certification medium, comprising: An image acquisition step of acquiring at least a face image of a person;
A personal information acquisition step for acquiring personal information necessary for issuing the proof medium for the person;
Security attribute information indicating at least the personal information acquired in the personal information acquisition step and access conditions for the personal information is rewritable to the storage medium of the unissued proof medium provided with the storage medium. A writing step to write;
A printing step of printing the face image acquired by the image acquisition step and the personal information acquired by the personal information acquisition step corresponding to the face image on the surface of the unissued certification medium;
After the writing process by the writing step and the printing process by the printing step are finished, the information written in the storage medium of the certification medium is read and visible to the applicant for issuing the certification medium An output step to output with
A security attribute information change step for changing the security attribute information in the storage medium of the certification medium to a non-rewritable state based on the confirmation of the contents output by this output step,
A method of issuing a certification medium, comprising: A writing information check step for checking whether the information written in the storage medium of the certification medium by the writing step is correctly written;
If the information is not correctly written as a result of the check in the writing information check step, the security attribute information in the storage medium of the certification medium is changed to set the access to the storage medium to an impossible state. A second security attribute information change step;
The proof medium issuing method according to claim 5 or 6, further comprising:

Images